Preservation means more than “to keep in existence.” Preservation in e-discovery actually goes a step further, requiring “it is kept in a perfect or unaltered condition.” This requires making sure both the document and any metadata attached are kept in pristine condition.
Preservation can be an iterative process as details come to light during review. When they do, return to the identification phase and ensure you have a uniform and defensible process. Now that you’ve interviewed the custodians, discovered whether they are central to the case, and where their data exists, the first step is to issue a litigation hold notice as quickly as possible.
Litigation Hold Notice
A litigation hold notice is a written notice advising relevant custodians to not delete or alter any documents relevant to a case or investigation. The ACC released a paper in 2013 outlining the bare minimum of what should be included in the hold notice:
- An overview of the matter
- Specific examples of types of information to be retained
- Possible sources of data
- Applicable date ranges
- Informing recipients of their ongoing obligation to preserve
- Contact information for the legal department
However, I believe that there are a few other pieces of information that are worthwhile to include.
- The current version of the company retention policy, or where they can view it
- Detailed procedure on what to do with the data when it meets the preservation criteria
- Receipt of acknowledgement and willingness to comply either through a button or a signature
Once the litigation hold is sent out by either the general counsel or C-level executive, it’s time to ensure that custodians are complying. Your legal hold notice must have all the required information outlined by the ACC. It is also important to define a process when the custodian does not acknowledge receipt of the written notice.
If a custodian does not acknowledge receipt, there should be a defined process for escalating the problem. This may start with sending the litigation hold notice a second time, and then if still not acknowledged, result in a warning, followed by a meeting with their direct supervisor. Also of concern with a litigation hold is continual compliance with that hold. Depending on the case, it might be prudent to send the hold for acknowledgement once a month for ongoing investigations or matters. Finally, it is critical to mark the release of the hold and authorization.
The litigation hold notifies the custodian and acknowledges both their receipt and understanding, but how do you make sure the actual data is being preserved?
Locking Down Your Data
The other side of the coin is ensuring the policy is being followed and the data is petrified, meaning it can’t be altered or changed. There are generally three ways to achieve that.
- Custodians self-preserve relevant data: This is the most manual, potentially flawed option. Verifying compliance is difficult.
- Actually collect the data: This can be done through taking backup tapes out of the rotation cycle, taking forensic images of specific computers, or creating a backup in the cloud through a program like Crash Plan or Carbonite. Doing this takes the responsibility out of the hands of the individual custodian and reduces risk, especially if wrong-doing is a possibility. However, it is also the most invasive option.
- Preserving data in place: This requires a separate piece of software that lies on top of your network structure. Companies that are regulated usually have a document management system like iManage, Enterprise Vault, or StoredIQ which will allow you to preserve data in its current location. This option offers the least amount of business interruption, but can be cost prohibitive for smaller companies and is not something that can be rolled out quickly once litigation has commenced.
In the same way you are consistently requiring continual acknowledgement of that hold, it is important to audit that indeed the relevant custodians are following the process. Once you have decided and implemented one of the strategies above, both on a personnel level as well as a data level, pat yourself on the back and know that you have successfully preserved your data in a defensible way!